Skip to content

ci: add dedicated verify stage for GPG signature checks #1

Open
Open
ci: add dedicated verify stage for GPG signature checks#1
Assignees
marcstraube
Labels
ciCI/CD improvementseffort:xsExtra small (<15 min)enhancementNew feature or request
@marcstraube

Description

@marcstraube
marcstraube
opened on Feb 15, 2026

Problem

The verify-signatures job runs in the test stage alongside all other jobs. If signatures are invalid, expensive test/analysis jobs still start before the verification fails.

Solution

Add a dedicated verify stage that runs before test (as implemented in zappzarapp/audit-logger):

stages:
  - verify
  - test
  - security

Move verify-signatures to stage: verify so it fails fast.

Reference

  • zappzarapp/audit-logger .gitlab-ci.yml

Metadata

Metadata

Assignees

Labels

ciCI/CD improvementseffort:xsExtra small (<15 min)enhancementNew feature or request

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions